/*
 * Copyrights of MYeBills. Do not copy or distribute without permissions.
 *
 * TODO 
 */
package com.mbbmap.util;

import java.util.ArrayList;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import com.mbbmap.security.dao.SecAccessDao;


/**
 *
 * security access helper class
 */
public class SecAccessHelper {
/**
 * Check whether the user has access permission to the input moduleId
 * @param moduleId module to check
 * @param request request object where accesslist attribute is stored
 * @return access allow or not
 */
    public static boolean isAccessAllow (String moduleId, HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        boolean permission =false;
        
        System.out.println("The received moduleId is "+moduleId);
        
	    ArrayList secGroupAccessList = new ArrayList();
	  	secGroupAccessList = (ArrayList) session.getAttribute(Constants.LOGON_ACCESS_LIST);
	  	
	  	if ( secGroupAccessList !=null ) {
	  		System.out.println("The secGroupAccessList is not null.");
	  		System.out.println("The secGroupAccessList size is "+secGroupAccessList.size());
		  	for(int i=0;i<secGroupAccessList.size();i++){
		  		SecAccessDao secaccessDao = (SecAccessDao)secGroupAccessList.get(i);
		  		System.out.println("Comparing secaccessDao module code = "+secaccessDao.getModuleCode()+" to moduleId = "+moduleId);
		  		if (secaccessDao.getModuleCode().equals(moduleId)){
		  		    
		  			permission = true;
		  		    break;
		  		}
		  	}
	  	}else {
	  		System.out.println("The secGroupAccessList is null.");
	  	}
	  	
	  	
	      return permission;  
    }
    
}
